Certain threat investigation capabilities in the Enterprise tier of Security Command Center are powered by Google Security Operations, including curated detections which enable you to identify patterns in both Google Cloud and AWS data.
If you plan to use curated detections, make sure to review information about supported log types. Each rule set requires certain data to function as designed, including one or more of the following:
- AWS CloudTrail logs
- AWS GuardDuty
- AWS VPC Flow
- AWS CloudWatch
- AWS Security Hub
- AWS context data about hosts, services, VPC, and users
To use these curated detections, you must ingest AWS data to Google Security Operations. For information about how to configure the ingestion of the AWS data, see Ingest AWS logs into Google Security Operations in the Google SecOps documentation.